Printer bomb malware wastes reams of paper, sparks pandemonium

A Fortune 500 co.—It's "as if it was opening the .exe, printing garbage text."

A recently unleashed piece of malware is wreaking havoc in some enterprises by causing all their printers to print gibberish until they run out of paper, researchers from Symantec said.

"The impact is global and affecting approximately 80 print servers," an admin of one Fortune 500 company wrote in an online forum dedicated to the print bomb explosion. "The print job names were all 15 characters in length and unique. The print jobs were all garbage print, as if it was opening the .exe and printing the garbage text." Other participants reported the same phenomenon caused hundreds of their organizations' printers to run through reams of paper.

According to a blog post published Thursday by researchers from antivirus provider Symantec, the nuisance is being spread by Trojan.Milicenso. The worst-hit regions are the US, India, Europe, and South America. Milicenso is a fairly sophisticated backdoor that serves as a for-hire delivery vehicle for other pieces of malware. One of its malicious payloads, known as Adware.Eorezo, is dropping an executable file in printer spooler directories, causing some applications to print representations of the binary code.

"This explains the reports of unwanted printouts observed in some compromised environments," the Symantec post stated. "Based on what we have discovered so far, the garbled printouts appear to be a side effect of the infection vector rather than an intentional goal of the author."
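As an added example (not from Symantec or this article), a triage check for the behaviour described above: it walks a spool directory and flags any file that parses as a Windows PE executable rather than print data. The directory is supplied by the caller, and the sample file names and contents are constructed.

```python
import os
import struct
import tempfile

def is_pe_file(path):
    """True if the file has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as fh:
            dos = fh.read(0x40)                      # IMAGE_DOS_HEADER is 64 bytes
            if len(dos) < 0x40 or dos[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
            fh.seek(e_lfanew)                        # offset of the NT headers
            return fh.read(4) == b"PE\x00\x00"
    except OSError:                                  # locked or unreadable spool file
        return False

def scan_spool(spool_dir):
    """Return sorted names of regular files under spool_dir that parse as PE images."""
    hits = []
    for root, _dirs, files in os.walk(spool_dir):
        for name in files:
            if is_pe_file(os.path.join(root, name)):
                hits.append(name)
    return sorted(hits)

def demo():
    """Build a constructed spool directory and scan it (all sample files are made up)."""
    pe_stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x80) + b"\x00" * 0x40 + b"PE\x00\x00"
    samples = {
        "00001.SPL": b"%!PS-Adobe-3.0\n%%Pages: 1\nshowpage\n",  # ordinary PostScript job
        "00002.SPL": pe_stub,                                     # executable in the spooler
        "00003.SPL": b"MZ" + b"A" * 0x3E,  # starts with MZ but has no PE signature
    }
    with tempfile.TemporaryDirectory() as spool:
        for name, data in samples.items():
            with open(os.path.join(spool, name), "wb") as fh:
                fh.write(data)
        return scan_spool(spool)

if __name__ == "__main__":
    print(demo())
```

On a Windows print server the default spool folder is `%SystemRoot%\System32\spool\PRINTERS`; pass whichever directory the spooler is configured to use.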

This is just phase one: malformed PostScript code has been delivered to printers, their firmware has been reprogrammed, and anyone who stays late in the office will be shredded by laser and eaten alive by the toner compartment to replenish the ink supply.

Unfortunately this is mostly indistinguishable from normal printer behavior.

That's because it is normal printer behaviour. The malware drops a file into the printer spooler directory ... and the printer happily prints it. Same as if you dropped any file into the spooler directory. It's "working as designed".

Not sure I understand the question, but I'll take a stab at answering anyway. Some malware exists for the sole purpose of delivering and installing other people's malware. The operators of these delivery mechanisms charge money for their services. So the "for-hire" reference is literal. Make sense?

Printers are often placed in separate rooms, and many enterprise printers can print very quickly. I've seen thousand-page documents before that have printed in a few minutes on some printers. And I've printed 100 pages between the time I started a print job and realized it was the wrong thing and canceled it. If you have any sort of load balancing across a set of printers, given their capacity of many reams of paper, it's possible to lose a lot before hitting cancel or pulling the plug.

We have 7 people sharing a printer, and it gets turned back on about once a week. Usually to print about 2 pages.

Which isn't to say we're paperless; I normally have a half-dozen or so notepads scattered around my desk for various projects and tasks.

Heh. Where I work we have about 1 network printer per 4 users. I kid you not. We print a TON. Sometimes we print spreadsheet-looking reports with tiny tiny print - hundreds of pages at a time. Not searchable, not backup-able, nothing. It's fucking PAPER. Sigh. Meanwhile, the original content is perpetually kept in the ERP system. So why print the fucker?

At home I don't have a printer. I haven't had a printer since about 2005. When I need to print an online receipt I just "print" into a PDF file or XPS file. Done. The only thing I really truly need to print are airline boarding passes. So I just use their kiosk at the airport.

I imagine this scene directed by Michael Bay, with people staggering around an office, ties undone, screaming in silence as paper flies out of printers with "80085" shown over and over again. Also somebody does a tumble roll right in front of the camera for no reason.

I remember dealing with this type of thing all the time when dealing with HP printers and Macs. The Macs would try to send Binary encoded PS and the printer wouldn't understand it so you'd get pages and pages of gibberish. You could either change your settings to send ASCII encoded postscript or change the queue on the printer so that it would handle the Binary encoded PS. Changing the queue usually ended up being the better solution because you could change it once for the print server and forget about it.

We use a program at work that prints as PS by default. Of course our printers can't handle it and so spit out an infinite amount of pages, each with exactly one and a half lines of gibberish. The beauty of this vs full pages of gibberish being that the printer can eject the rest of the page; so it can ruin paper at the fastest possible rate!

If our program was meant to be a virus it would be doing an excellent job.

Malware has gone full circle in advertising spam. Now they are trying to print ads directly to the printer so when you pick up your 50 page financial report/tax filing/school report... *BAM* You get a secret ad for penis enlargement and a coeds site.

Equitrac and secure print solve this problem - I am surprised Fortune 500 companies do not have print/copy/scan management higher on their radar, especially with people leaking/printing documents that could contain personal information...